Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/190888?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/190888?format=api", "purl": "pkg:ebuild/app-emulation/libvirt@0.9.3-r1", "type": "ebuild", "namespace": "app-emulation", "name": "libvirt", "version": "0.9.3-r1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.21", "latest_non_vulnerable_version": "204-r1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77554?format=api", "vulnerability_id": "VCID-b83z-k3uw-sqfs", "summary": "The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of \"security manager private data\" that \"reopens disk probing\" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2178.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24363", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24464", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2178" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2178" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629128", "reference_id": "629128", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629128" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=709769", "reference_id": "709769", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709769" }, { "reference_url": "https://security.gentoo.org/glsa/201202-07", "reference_id": "GLSA-201202-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201202-07" }, { "reference_url": "https://usn.ubuntu.com/1152-1/", "reference_id": "USN-1152-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1152-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190888?format=api", "purl": "pkg:ebuild/app-emulation/libvirt@0.9.3-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@0.9.3-r1" } ], "aliases": [ "CVE-2011-2178" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b83z-k3uw-sqfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77552?format=api", "vulnerability_id": "VCID-q38b-cmvy-gybh", "summary": "libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1146.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1146.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01556", "scoring_system": "epss", "scoring_elements": "0.81779", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01556", "scoring_system": "epss", "scoring_elements": "0.81813", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1146" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773", "reference_id": "617773", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=683650", "reference_id": "683650", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683650" }, { "reference_url": "https://security.gentoo.org/glsa/201202-07", "reference_id": "GLSA-201202-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201202-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0391", "reference_id": "RHSA-2011:0391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0391" }, { "reference_url": "https://usn.ubuntu.com/1094-1/", "reference_id": "USN-1094-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1094-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190888?format=api", "purl": "pkg:ebuild/app-emulation/libvirt@0.9.3-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@0.9.3-r1" } ], "aliases": [ "CVE-2011-1146" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q38b-cmvy-gybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77555?format=api", "vulnerability_id": "VCID-weet-hgv1-7bb9", "summary": "Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2511.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2511.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03415", "scoring_system": "epss", "scoring_elements": "0.8766", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03415", "scoring_system": "epss", "scoring_elements": "0.87681", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2511" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633630", "reference_id": "633630", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633630" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=717199", "reference_id": "717199", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717199" }, { "reference_url": "https://security.gentoo.org/glsa/201202-07", "reference_id": "GLSA-201202-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201202-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1019", "reference_id": "RHSA-2011:1019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1197", "reference_id": "RHSA-2011:1197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1197" }, { "reference_url": "https://usn.ubuntu.com/1180-1/", "reference_id": "USN-1180-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1180-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190888?format=api", "purl": "pkg:ebuild/app-emulation/libvirt@0.9.3-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@0.9.3-r1" } ], "aliases": [ "CVE-2011-2511" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-weet-hgv1-7bb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77553?format=api", "vulnerability_id": "VCID-yhk7-v8zt-hbev", "summary": "libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1486.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1486.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1486", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00859", "scoring_system": "epss", "scoring_elements": "0.75364", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00859", "scoring_system": "epss", "scoring_elements": "0.75393", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1486" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1486", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1486" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623222", "reference_id": "623222", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623222" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391", "reference_id": "693391", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=693391" }, { "reference_url": "https://security.gentoo.org/glsa/201202-07", "reference_id": "GLSA-201202-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201202-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0478", "reference_id": "RHSA-2011:0478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0479", "reference_id": "RHSA-2011:0479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0479" }, { "reference_url": "https://usn.ubuntu.com/1152-1/", "reference_id": "USN-1152-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1152-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/190888?format=api", "purl": "pkg:ebuild/app-emulation/libvirt@0.9.3-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@0.9.3-r1" } ], "aliases": [ "CVE-2011-1486" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yhk7-v8zt-hbev" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@0.9.3-r1" }